Aller au contenu Aller au menu principal Aller au menu secondaire Aller au pied de page

Securing your DNS infrastructure with DNSSEC

Home > Products and services > Training > Securing your DNS infrastructure with DNSSEC

The DNS is a strategic infrastructure, since all internet services for companies, associations and public organisations depend on it. Implementing DNSSEC allows you to secure this infrastructure.

Description and aims of the training course

This training course will enable you to protect your customers and your own infrastructures against any security problems that might penalise your activities. You will learn how to deploy this delicate extention that require advanced technical knowledge and a rigorous exploitation. You will be able to:

  • Assess the benefits of deploying DNSSEC in your environment
  • Acquire technical knowledge of DNSSEC
  • Configure the installation of a validating DNSSEC resolver (Unbound)
  • Construct a DNSSEC infrastructure with OpenDNSSEC and manage the keys and BIND to serve the signed zones

2 days

Target audience
Registrars, DNS hosts, professionals of security and the DNS.


  • Knowledge of the basics of the DNS
  • Familiarity with the UNIX operating system and the TCP/IP network protocols
  • At least one year’s experience in the domain name administration business

Stéphane Bortzmeyer, Afnic DNS expert

Training location
Face-to-face at your offices or remotely
Find practical information on how to get to our offices.

Final assessment of the training course will be in the form of a multiple-choice questionnaire.

Contact us for a quotation.

DIRECTTE declaration numer : 11788446878

Our experts can adapt to your needs and design a custom training course.

If you are a Registrar and a DNS host, DNSSEC adoption for the .fr zone is one of our priorities. Contact us for a personalised session.

Training programme 

Day 1 – Morning: Reminder of the basics

  • Functioning of the DNS
  • Security of the DNS and associated risks
  • Cryptography 
  • Contributions of DNSSEC

Day 1 – Afternoon: Presentation of DNSSEC

  • Keys and DNSKEY records
  • Signing of records
  • Secure delegation
  • Proof of non-existence: NSEC and NSEC3 records

Day 2 – Morning: DNSSEC in practice

  • Protocol details 
    • DO bit and transport (EDNS)
    • Problems associated with firewalls
  • Creation of a zone signed manually
    • Validation using Unbound
    • Verifying with DIG and DELV
    • Identifying the causes of a problem
    • Performing tests with Zonemaster and DNSVIZ
  • Delegation of a zone
  • Renewal of keys

Day 2 – Afternoon: Practical exercises and feedback

  • Creation of a signed zone with OpenDNSSEC
  • DNSSEC feedback
    • In the root zone
    • For Top-Level Domains
    • Ordinary zones signed
    • Storage of keys and HSMs
    • Frequently encountered operational problems

27 & 28 octobre 2022

If anyone participating in the training course has a disability, please contact us on +33 (0)1 39 30 83 59 so we can make suitable arrangements.

For more information and dates of upcoming training sessions:

Contact us

Last updated on 18th January 2022